
End of POSReady 2009 Patches: What to Do?


Sampei.Nihira



6 hours ago, Mathwiz said:


why would malware want to open a folder window, and what possible security exposure would that pose if it did?

Because it can place an executable in the autorun folder, in which reside links to programs that are gonna be opened at boot time, then wait till you reboot and boom.

Anyway, I'm still running my browser normally, but I think I'm gonna use the Avast Sandbox in the future.


15 hours ago, FranceBB said:

Because it can place an executable in the autorun folder, in which reside links to programs that are gonna be opened at boot time, then wait till you reboot and boom.

Anyway, I'm still running my browser normally, but I think I'm gonna use the Avast Sandbox in the future.

That's no good.

The effectiveness of the sandbox is directly proportional to the kernel that hosts it.

If the OS is unpatched in the future, the effectiveness of the sandbox may be affected.

Furthermore, the effectiveness of sandboxes depends on other factors, which reduce their protection in an OS like XP.

For example, the protection of Chrome's sandbox is less effective in Windows XP:


https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md

Quote


.....Sandbox restrictions

At its core, the sandbox relies on the protection provided by four Windows mechanisms:

A restricted token

The Windows job object

The Windows desktop object

Windows Vista and above: The integrity levels

_____________________________________________________________________________

....By design, the sandbox token cannot protect the following non-securable resources:

Mounted FAT or FAT32 volumes: The security descriptor on them is effectively null. Malware running in the target can read and write to these volumes as long as it can guess or deduce their paths.

TCP/IP: The security of TCP/IP sockets in Windows 2000 and Windows XP (but not in Vista) is effectively null. It might be possible for malicious code in the target to send and receive network packets to any host.


https://threatpost.com/using-kernel-exploits-bypass-sandboxes-fun-and-profit-031813/77638/


Quote

....We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges.....


Edited by Sampei.Nihira

On 5/17/2019 at 4:27 PM, FranceBB said:

Because it can place an executable in the autorun folder, in which reside links to programs that are gonna be opened at boot time, then wait till you reboot and boom.

It wouldn't have to open a window to do that! It could just slip the .exe into your Startup folder invisibly, and be done with it. In fact, opening a window would be counterproductive from the malware's point of view: you might notice the rogue .exe in there and delete it. At the very least, having an Explorer window open up unbidden would be a tip-off that something was amiss.

I mean, security I dig, but you guys are taking it to an extreme if you think it's a risk to let your browser ever open an Explorer window!

But, whatever. As I thought I made clear, it's not that big of a deal, especially since running your browser with limited privileges has other benefits. I just thought I'd point out that side-effect in case someone else tries this trick, then later notices they can't open their download folder from the browser any more. Just trying to save some time troubleshooting why that was happening; didn't realize pointing it out would become so, um, controversial....


  • 2 weeks later...

Found this interesting statement from my old friends (before I reached Sysopt):
https://www.techrepublic.com/article/windows-xp-dies-final-death-as-embedded-posready-2009-reaches-end-of-life/

Will now execute the POSReady hack on the actual drive, like done on others.
UPDATE:
That was a bad idea.
Result was Explorer crashing. I am now on a different drive with other problems.
Have the very same Explorer crash on a third drive, same SSE PC.
Have not found a solution, tried everything incl. repair installation with an endless amount of troubles since it was falling back to SP2. Don't have an SP3 installation yet here. a) couldn't install SP3 (finally found a workaround) b) couldn't run WinXP update packs from winfuture dot de. Found a solution.

(NB: Other than written by me elsewhere in this forum - if not deleted by the administration - only English versions of Win7 (NOT WINXP like I stated) will accept these update packs.)

Edited by 3dreal

  • dencorso changed the title to End of POSReady 2009 Patches: What to Do?

LOL:

Quote

Windows XP dies final death as Embedded POSReady 2009 reaches end of life

IOW, we already claimed XP was dead five years ago, and we're just now admitting we were wrong. But we're right this time!

Well, maybe ... but there are still folks using Win2K, and there are more XP users than 2K users....


Now, if you have a need to access your PC via Remote Desktop, that's another matter; you can't just block the port without losing that functionality. (Obvious example: Windows XP mode under Win 7 requires that port be open to work - but it's not accessible to the "outside" anyhow.)

But I bet most users here at MSFN have already installed the fix for this vulnerability on all their PCs anyhow.


1 hour ago, Mcinwwl said:

Can't we change the port RDP uses for communication?

Yes, but I would assume that still leaves the new port vulnerable, albeit it's better than nothing, as most bots looking for this vulnerability are probably only interested in the default port.
YMMV

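The exchange above is about whether moving RDP off port 3389 buys anything. The following PowerShell script is an added example, not code from the thread or from any poster: it reads the standard Terminal Server registry keys (fDenyTSConnections and the RDP-Tcp PortNumber), confirms with netstat whether anything is actually listening on that port, and reports the exposure in the terms the thread uses. It assumes PowerShell 2.0 or later with read access to HKLM; the Get-RdpExposure function name is my own.

```powershell
# Added example (not from the thread): summarise this host's RDP exposure.
# Assumptions: PowerShell 2.0+, read access to HKLM, and the standard
# Terminal Server registry locations used by XP and later Windows versions.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction SilentlyContinue
    $rdp = Get-ItemProperty -Path $rdpKey -ErrorAction SilentlyContinue

    # fDenyTSConnections = 0 means Remote Desktop is switched on.
    $enabled = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

    # PortNumber is the listener port; 3389 is the default every scanner tries first.
    $port = if ($rdp -and $rdp.PortNumber) { [int]$rdp.PortNumber } else { 3389 }

    # Registry says one thing; confirm whether the port is really in LISTENING state.
    $listening = (netstat -an) -match "TCP\s+\S+:$port\s+\S+\s+LISTENING"

    New-Object PSObject -Property @{
        RdpEnabled     = $enabled
        ConfiguredPort = $port
        NonDefaultPort = ($port -ne 3389)
        Listening      = [bool]$listening
    }
}

$state = Get-RdpExposure
$state | Format-List

if ($state.RdpEnabled -and $state.Listening) {
    if ($state.NonDefaultPort) {
        Write-Warning ("RDP listens on port " + $state.ConfiguredPort +
            ": a moved port only cuts scanner noise; the service is still reachable, " +
            "so keep it patched and restrict the port at the firewall.")
    } else {
        Write-Warning ("RDP listens on the default port 3389; if remote access is not " +
            "needed, disable it or block the port at the network edge.")
    }
} else {
    Write-Host "RDP is not reachable on this host (disabled or not listening)."
}
```

Run it as a user who can read HKLM; on a host where Remote Desktop is off it prints the "not reachable" line, and on a host where the port was moved it makes the thread's point explicit: the listener is still there, just on a number the mass scanners are less likely to try, so the patch and the firewall rule remain the real controls.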

Sure. You can put on a better door lock, or concrete it and enter your house from a helicopter or a secret underground tunnel. Just need to mind your risks, needs and possibilities ;)


A big fat thank you, Microsoft! So you do love us, after all.

Why am I thanking Microsoft?

Well, it's because, contrary to what they said in 2018 and reiterated in 2019, they have released the new Microsoft C++ Redistributable 2019 x86 and guess what? They are XP-compatible.

This is very good news as it means that programs compiled with Visual Studio 2019 will be able to run on XP without targeting the old deprecated v141_xp but using the new one.

Thank you, Microsoft, thank you!! :D

https://support.microsoft.com/en-gb/help/2977003/the-latest-supported-visual-c-downloads


Edited by FranceBB